gflags.exe /i iexplore.exe +hpa +ust
Enable the Pageheap (HPA) and User Stack Trace (UST) flags.
gflags.exe /p /enable iexplore.exe /full
C:\Users\praveend>gflags.exe /?
usage: GFLAGS [-r [
[-r +spp TAG | -r +spp SIZE | -r -spp |
[-k [
[-k +spp TAG | -k +spp SIZE | -k -spp] |
[-ro [-d | { -i
p] ] |
[-ko [-d | { -i
p] ] |
[-i
[-i
[-p
where:
one or more global flags to set.
-r operates on system registry settings.
-r +spp TAG - Set Special Pool tag value.
TAG can have up to four characters.
-r +spp SIZE - Set Special Pool block size value.
SIZE must be in hex format, starting with characters 0x.
-r -spp - Disable Special Pool tag or block size.
-k operates on kernel settings of the running system.
-k +spp TAG - Set Special Pool tag value at run time.
TAG can have up to four characters.
-k +spp SIZE - Set Special Pool block size value at run time.
SIZE must be in hex format, starting with characters 0
x.
-k -spp - Disable Special Pool tag or block size at run time.
-ro operates on object reference tracing at boot time.
-ko operates on object reference tracing at run time.
-d disables object reference tracing. Do not specify any
other tracing options.
-i
to capture traces. All processes started up with this
image file will be traced.
-t
to capture traces. Pool tags should be 4 letters each,
separated by ';'. This value is case sensitive.
-p maintains traces after the objects are destroyed(permanent).
By default traces are temporary.
Unless you are using -d you must specify at least one of the
-i or the -p options. You may specify both in which case
objects with a pool tag that is among the list of pool tags
you specify, created by processes with the image filename
you specify will be traced. -ko settings override -ro settings.
Also, if you specify a new set of -ko settings the previous
-ko settings, if any, are lost (same for -ro).
-i operates on settings for a specific image file.
[ignored when not suported in the current OS versions]
If only the switch is specified, then current settings
are displayed, not modified. If flags specified for -i
option are FFFFFFFF, then registry entry for that image
is deleted
The `-tracedb' option is used to set the size of the stack trace
database used to store runtime stack traces. The actual database
will be created if the `+ust' flag is set in a previous command.
`-tracedb 0' will revert to the default size for the database.
If no arguments are specified to GFLAGS then it displays
a dialog box that allows the user to modify the global
flag settings.
Flags may either be a single hex number that specifies all
32-bits of the GlobalFlags value, or it can be one or more
arguments, each beginning with a + or -, where the + means
to set the corresponding bit(s) in the GlobalFlags and a -
means to clear the corresponding bit(s). After the + or -
may be either a hex number or a three letter abbreviation
for a GlobalFlag. Valid abbreviations are:
soe - Stop On Exception
sls - Show Loader Snaps
dic - Debug Initial Command
shg - Stop on Hung GUI
htc - Enable heap tail checking
hfc - Enable heap free checking
hpc - Enable heap parameter checking
hvc - Enable heap validation on call
vrf - Enable application verifier
ptg - Enable pool tagging
htg - Enable heap tagging
ust - Create user mode stack trace database
kst - Create kernel mode stack trace database
otl - Maintain a list of objects for each type
htd - Enable heap tagging by DLL
dse - Disable stack extensions
d32 - Enable debugging of Win32 Subsystem
ksl - Enable loading of kernel debugger symbols
dps - Disable paging of kernel stacks
scb - Enable system critical breaks
dhc - Disable Heap Coalesce on Free
ece - Enable close exception
eel - Enable exception logging
eot - Enable object handle type tagging
hpa - Enable page heap
dwl - Debug WINLOGON
ddp - Disable kernel mode DbgPrint output
cse - Early critical section event creation
sue - Stop on Unhandled Exception
bhd - Enable bad handles detection
dpd - Disable protected DLL verification
lpg - Load image using large pages if possible
All images with ust enabled can be accessed in the
USTEnabled key under 'Image File Options'.
C:\Users\praveend>
No comments:
Post a Comment